45 matches found
Malicious code in pgrayy-wasmtime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e The distribution is published as pgrayy-wasmtime but its top_level.txt declares the top-level import name as wasmtime, and the entire Python source tr...
The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz
Vessels are increasingly being abandoned during the war on Iran, revealing a hidden failure in the global systems that keep goods—and people—moving...
Attacks on GPS Spike Amid US and Israeli War on Iran
New analysis shows that attacks on satellite navigation systems have impacted some 1,100 ships in the Middle East since the US and Israel attacked Iran on February 28...
PT-2026-4684
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
A week in security (October 28 – November 3)
Last week on Malwarebytes Labs: 1,000+ web shops infected by "Phish ‘n Ships" criminals who create fake product listings for in-demand products; Android malware FakeCall intercepts your calls to the bank; Patch now! New Chrome update for two critical vulnerabilities; Update your iPhone, Mac, Watch:...
1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products
Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings. The threat, dubbed "Phish ‘n Ships" by the researchers, reportedly infected more than 1,000...
CVE-2024-9237 Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for...
WordPress Fish and Ships plugin <= 1.5.9 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Fish and Ships versions <= 1.5.9...
WordPress plugin Fish and Ships cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Fish and Ships Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software Fish and Ships Type Plugin Vulnerable versions <= 1.5.9 Fixed in 1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9237 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7e6c47fc694c Credits vgo0 Required privile...
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover...
Russian ‘Ghost Ships’ Identified Near the Nord Stream Blasts
Plus: Apple and Google plan to stop AirTag stalking, Meta violated the FTC’s privacy order, and how to tell if your car is tracking you...
maps-js-icoads path traversal vulnerability
maps-js-icoads is a spatio-temporal data visualization of ships and buoys by the individual developer Paul R. Saxman. A path traversal vulnerability exists in maps-js-icoads. An attacker exploiting this vulnerability could access files and directories stored outside of the web root folder...
Malicious code in opensea-ships-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3635ace2bf4429178054ef42ceb3653e6f2645d6c6d209d2fd0fdd305778e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5100 Malicious code in opensea-ships-log (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3635ace2bf4429178054ef42ceb3653e6f2645d6c6d209d2fd0fdd305778e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-0878
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line...
Design/Logic Flaw
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided by the HomePlug Green PHY (HPGP) power-line...
CVE-2022-0878
The CVE-2022-0878 issue describes a denial-of-service style disruption in CCS-based DC fast charging communications, where an attacker can use electromagnetic interference to wirelessly interrupt the high-bandwidth IP link over HomePlug Green PHY (HPGP) PLC. Exploitation can be performed from a d...
mercyships.de Cross Site Scripting vulnerability OBB-1349226
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...